Security Bulletin: Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)

Summary IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration CP4I 1.5.20 has addressed an authentication vulnerability that may allow access to files in the local server storage. Vulnerability Details CVEID:CVE-2026-7876 DESCRIPTION: IBM Aspera High-Speed Transfer Server for CP4i i...

CVE-2025-13740

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

EUVD-2025-203329

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

EUVD-2025-24766

Malicious code in bioql PyPI...

CVE-2025-49059

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through = 1.5.20...

CVE-2025-49059

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through = 1.5.20...

CVE-2025-49059 WordPress CleverReach® WP Plugin <= 1.5.20 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through = 1.5.20...

CVE-2025-0805

The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

WordPress plugin Mortgage Calculator / Loan Calculator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

WordPress Mortgage Calculator / Loan Calculator plugin <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by yudha in WordPress Plugin Mortgage Calculator / Loan Calculator versions = 1.5.20...

CVE-2022-25766

The package ungit before 1.5.20 are vulnerable to Remote Code Execution RCE via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...

Remote Code Execution (RCE)

Overview ungit is a version control library. Affected versions of this package are vulnerable to Remote Code Execution RCE via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values remote and ref are passed to the git fetch command. By injecting some gi...

Mutt has an unspecified vulnerability

Mutt is a text-based mail client for Unix-like systems by Michael Elkins Software Developers. A security vulnerability exists in Mutt prior to version 1.5.20 patch 7, which can be exploited to cause a denial of service by sending a series of requests to a mutt temporary file...